]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 58f7de9)
- Fix possible memory corruption
authorMarcus Boerger <helly@php.net>
Thu, 13 Mar 2008 19:45:22 +0000 (19:45 +0000)
committerMarcus Boerger <helly@php.net>
Thu, 13 Mar 2008 19:45:22 +0000 (19:45 +0000)
ext/spl/spl_directory.c patch | blob | history
ext/spl/tests/dit_003.phpt [new file with mode: 0755] patch | blob

diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index f5732fcc909099245bc0b1b400dc4cde720796f3..32b6fd09747ef853b799b2f4a378a58eb01f49b5 100755 (executable)
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -1403,10 +1403,11 @@ zend_object_iterator *spl_filesystem_dir_get_iterator(zend_class_entry *ce, zval
 static void spl_filesystem_dir_it_dtor(zend_object_iterator *iter TSRMLS_DC)
 {
        spl_filesystem_iterator *iterator = (spl_filesystem_iterator *)iter;
+       zval *zfree = (zval*)iterator->intern.data;
 
-       zval_ptr_dtor(&iterator->current);
-       zval_ptr_dtor((zval**)&iterator->intern.data);
        iterator->intern.data = NULL; /* mark as unused */
+       zval_ptr_dtor(&iterator->current);
+       zval_ptr_dtor(&zfree);
 }
 /* }}} */
 
@@ -1469,12 +1470,15 @@ static void spl_filesystem_dir_it_rewind(zend_object_iterator *iter TSRMLS_DC)
 static void spl_filesystem_tree_it_dtor(zend_object_iterator *iter TSRMLS_DC)
 {
        spl_filesystem_iterator *iterator = (spl_filesystem_iterator *)iter;
+       zval *zfree = (zval*)iterator->intern.data;
 
        if (iterator->current) {
                zval_ptr_dtor(&iterator->current);
        }
-       zval_ptr_dtor((zval**)&iterator->intern.data);
        iterator->intern.data = NULL; /* mark as unused */
+       /* free twice as we add ref twice */
+       zval_ptr_dtor(&zfree);
+       zval_ptr_dtor(&zfree);
 }
 /* }}} */
 
@@ -1586,7 +1590,7 @@ zend_object_iterator *spl_filesystem_tree_get_iterator(zend_class_entry *ce, zva
        dir_object = (spl_filesystem_object*)zend_object_store_get_object(object TSRMLS_CC);
        iterator   = spl_filesystem_object_to_iterator(dir_object);
 
-       Z_ADDREF_P(object);
+       Z_SET_REFCOUNT_P(object, Z_REFCOUNT_P(object) + 2);
        iterator->intern.data = (void*)object;
        iterator->intern.funcs = &spl_filesystem_tree_it_funcs;
        iterator->current = NULL;
diff --git a/ext/spl/tests/dit_003.phpt b/ext/spl/tests/dit_003.phpt
new file mode 100755 (executable)
index 0000000..4232a7f
--- /dev/null
+++ b/ext/spl/tests/dit_003.phpt
@@ -0,0 +1,17 @@
+--TEST--
+SPL: FilesystemIterator and foreach
+--SKIPIF--
+<?php if (!extension_loaded("spl")) print "skip"; ?>
+--FILE--
+<?php
+$count = 0;
+foreach(new FilesystemIterator('CVS') as $ent)
+{
+       ++$count;
+}
+var_dump($count > 0);
+?>
+===DONE===
+--EXPECTF--
+bool(true)
+===DONE===
Unnamed repository; edit this file 'description' to name the repository.